* A call center rings the user, claiming to be from Microsoft and to have received alerts of malware from the user's machine. Often this involves getting the user to launch the MMC Event Viewer, where there will undoubtedly be application or system notices (which are usually harmless), and citing them as 'malware'.
* The caller asks the user to navigate to a legitimate remote desktop website (such as LogMeIn or ShowMyPC), where the user enters a code that gives the remote caller full control.
* Once they have control, they point the browser to their own website, where credit card details are requested (payment can be routed through a legitimate payment processor).
* If the user is unconvinced at this stage, the remote operator starts disabling vital Windows services, or forces Windows to launch in Safe Mode continually, to cause more damage.
* It does not appear that they sniff through hard disk contents or disable AV / firewall. Nor does it appear that they are very technically proficient.
Or watch a collection of videos here –
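
For a machine that has been through a session like the one described in the list above, the following triage script checks for the two kinds of damage mentioned there: a boot entry forced into Safe Mode and core services set to Disabled. It is an added example, not part of the original page; the service list and the function names are assumptions chosen for illustration.

```powershell
# Added triage example; run in an elevated Windows PowerShell session.
# Assumption: illustrative core-service list, not taken from the page.
$CoreServices = 'EventLog','RpcSs','Dhcp','Dnscache','Winmgmt','LanmanWorkstation','Schedule'

function Get-ForcedSafeBoot {
    # A persistent Safe Mode boot is stored as a "safeboot" element on the
    # current boot entry (element name as printed on English-language Windows).
    $bcd = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (is the session elevated?): $bcd" }
    foreach ($line in $bcd) {
        if ("$line" -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null
}

function Get-DisabledCoreService {
    param([string[]]$Name = $CoreServices)
    # Win32_Service.StartMode is 'Disabled' for services that can no longer start.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Disabled' -and $Name -contains $_.Name } |
        Select-Object Name, DisplayName, State, StartMode
}

function Get-StartTypeChange {
    param([int]$Days = 7)
    # Service Control Manager logs event 7040 whenever a service start type changes.
    # The 'disabled' text match assumes English-language event messages.
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7040
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'disabled' } |
        Select-Object TimeCreated, Message
}

$mode = Get-ForcedSafeBoot
if ($mode) {
    # After review, the setting can be cleared with: bcdedit /deletevalue {current} safeboot
    Write-Warning "Current boot entry forces Safe Mode ($mode)."
} else {
    'No safeboot element on the current boot entry.'
}
Get-DisabledCoreService | Format-Table -AutoSize
Get-StartTypeChange     | Format-List
```

The 7040 events give a timestamp for each start-type change, which can be compared with the time of the remote session.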